Browse all 18 CVE security advisories affecting Ethereum. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ethereum serves as a decentralized platform for smart contracts and dApps, enabling programmable transactions. Historically, common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from smart contract flaws and node exploits. The platform has faced notable security incidents, including the 2016 DAO hack resulting in $50 million theft and reorganization of the blockchain. With 18 CVEs recorded, security remains a focus area, particularly around smart contract vulnerabilities and consensus mechanisms. The network's immutability and decentralized nature present unique security challenges, requiring rigorous auditing and formal verification for deployed contracts.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40072 | web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling — web3.pyCWE-918 | 9.1AI | CriticalAI | 2026-04-09 |
This page lists every published CVE security advisory associated with Ethereum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.